I have written a simple program that watches a port (using an AF_INET socket) and prints out the contents of the TCP packet. The thing is, I would also like to read the header information as well (source IP and port and destination IP and port).

Do I need to use a different type of socket (i.e. not AF_INET)?
Should I be using raw sockets to do this, or do I need to work at a lower level? At the moment I am at the application layer, so the underlying layers are stripping the data I want.

Can someone please point me in the right direction?

tia

(writing in C, compiling for Slackware/10 with gcc)

12-02-2004

chrismiceli

I just searched the internet for you. I found that raw sockets may or may not include the headers. I found this explaining some stuff about packets. They recommend an API such as libpcap to capture packets.

12-02-2004

bithub

I've used libpcap before, and it works great. It's extremely easy to use as well.
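
An added example, not code from any poster in this thread: once a raw socket or capture library hands back the packet bytes, the source and destination IP and port asked about above can be read straight out of the IPv4 and TCP headers. It assumes the buffer begins at the IPv4 header (any link-layer header already skipped); `struct endpoints`, `parse_ipv4_tcp` and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct endpoints {
    char src_ip[16], dst_ip[16];   /* dotted-quad text */
    uint16_t src_port, dst_port;   /* host byte order */
};

/* Constructed sample: 20-byte IPv4 header + 20-byte TCP SYN, checksums zeroed. */
static const uint8_t sample_packet[] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    192, 0, 2, 10,            /* source address 192.0.2.10 */
    198, 51, 100, 7,          /* destination address 198.51.100.7 */
    0xd4, 0x31, 0x00, 0x50,   /* source port 54321, destination port 80 */
    0, 0, 0, 1, 0, 0, 0, 0, 0x50, 0x02, 0xff, 0xff, 0, 0, 0, 0
};

/* Returns 0 on success, -1 if p is not a complete, unfragmented IPv4/TCP packet. */
int parse_ipv4_tcp(const uint8_t *p, size_t len, struct endpoints *out)
{
    if (len < 20 || (p[0] >> 4) != 4)
        return -1;                              /* too short or not IPv4 */
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;     /* header length incl. options */
    if (ihl < 20 || len < ihl + 20)
        return -1;                              /* bad IHL or truncated TCP header */
    if (p[9] != 6)
        return -1;                              /* protocol 6 = TCP */
    if ((((p[6] & 0x1f) << 8) | p[7]) != 0)
        return -1;                              /* later fragment: no TCP header here */
    snprintf(out->src_ip, sizeof out->src_ip, "%u.%u.%u.%u", p[12], p[13], p[14], p[15]);
    snprintf(out->dst_ip, sizeof out->dst_ip, "%u.%u.%u.%u", p[16], p[17], p[18], p[19]);
    const uint8_t *tcp = p + ihl;               /* ports are big-endian on the wire */
    out->src_port = (uint16_t)((tcp[0] << 8) | tcp[1]);
    out->dst_port = (uint16_t)((tcp[2] << 8) | tcp[3]);
    return 0;
}

int main(void)
{
    struct endpoints e;
    if (parse_ipv4_tcp(sample_packet, sizeof sample_packet, &e) != 0)
        return 1;
    printf("%s:%u -> %s:%u\n", e.src_ip, (unsigned)e.src_port, e.dst_ip, (unsigned)e.dst_port);
    return 0;
}
```

The length and IHL checks matter because captured data is untrusted input: without them a short or malformed packet would cause reads past the end of the buffer.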